Linear feedback shift register

Encyclopedia : L : LI : LIN : Linear feedback shift register

A linear feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state.

The only linear functions of single bits are xor and inverse-xor; thus it is a shift register whose input bit is driven by the exclusive-or (xor) of some bits of the overall shift register value.

The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the sequence of values produced by the register is completely determined by its current (or previous) state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, a LFSR with a well-chosen feedback function can produce a sequence of bits which appears random and which has a very long cycle.

Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.

Contents

1 How it works
2 Output Stream Properties
3 Applications
4 A drop in replacement for Gray Code counters
5 Galois LFSRs
6 Uses in cryptography
7 Uses in digital broadcasting and communications
8 See also
9 External links

How it works

The list of the bits positions that affect the next state is called the tap sequence. In the diagram below, the sequence is [16,14,13,11].

The outputs that influence the input are called taps (blue in the diagram below).
A maximal LFSR produces an n-sequence (i.e. cycles through all possible states within the shift register except all zero bits), unless it contains all zeros, in which case it will never change.

The sequence of numbers generated by a LFSR can be considered a binary numeral system just as valid as Gray code or the natural binary code.

The tap sequence of an LFSR can be represented as a polynomial mod 2. This means that the coefficients of the polynomial must be 1's or 0's. This is called the feedback polynomial or characteristic polynomial. For example, if the taps are at the 16th, 14th, 13th and 11th bits (as below), the resulting LFSR polynomial is

[x^ + x^ + x^ + x^ + 1]

The 'one' in the polynomial does not correspond to a tap. The powers of the terms represent the tapped bits, counting from the left.

If (and only if) this polynomial is a primitive, then the LFSR is maximal
The LFSR will only be maximal if the number of taps is even
The tap values in a maximal LFSR will be relatively prime
There can be more than one maximal tap sequence for a given LFSR length
Once one maximal tap sequence has been found, another automatically follows. If the tap sequence, in an n-bit LFSR, is [n,A,B,C], then the corresponding 'mirror' sequence is [n,n-A,n-B,n-C]. So the tap sequence [32,3,2,1] has as its counterpart [32,29,30,31]. Both give a maximal sequence.

The animation below is erroneous. In one stage of the cycle the values of the taps do not correspond to the values stored in bit positions 14 and 16. The values of the taps rather than the values in the bit positions are then used to calculate the code, thus propagating the error into the feedback. This occurs when the last 3 bits are 100.

Output Stream Properties

Ones and zeroes occur in 'runs'. The output stream 0110100, for example consists of five runs of lengths 1,2,1,1,2, in order. In one period of a maximal LFSR, [2^] runs occurs (for example, a six bit LFSR will have 32 runs). Exactly [1/2] of these runs will be one bit long, [1/4] will be two bits long, up to a single run of zeroes [n-1] bits long, and a single run of ones [n] bits long. This same property is statistically expected in a truly random sequence.
LFSR outputs streams are deterministic. If you know the present state, you can predict the next state. This is not possible with truly random events such as nuclear decay.

Applications

LFSR's can be implemented in hardware, and this makes them useful in applications that require very fast generation of a pseudo-random sequence, such as direct-sequence spread spectrum radio.

The Global Positioning System uses a LFSR to rapidly transmit a sequence that indicates high-precision relative time offsets.

A drop in replacement for Gray Code counters

Some applications need to mark individual locations along a certain distance with unique values. For example, most tape measures mark each inch or centimeter with a unique number using the decimal numeral system. When computer index or framing locations need to be machine-readable, they are often marked using a LFSR sequence, because LFSR counters are simpler and faster than any other kind of binary counter. LFSRs are faster than natural binary counters and Gray code counters. Given an output sequence you can construct a LFSR of minimal size by using the Berlekamp-Massey algorithm.

Galois LFSRs

A Galois LFSR, or a LFSR in Galois configuration, is an alternate structure that can generate the same sequences as a conventional LFSR.

In Galois configuration, when the system is clocked, bits that are not taps are shifted as normal. The taps, on the other hand, are XOR'd with the new output, which also becomes the new input. To generate the same sequence, the order of the taps is the reverse of the order for the conventional LFSR.

Galois LFSRs do not concatenate every tap to produce the new input (the XOR'ing is done within the LFSR and no XOR's are run in serial, therefore the propagation times are reduced to that of one XOR rather than a whole chain), thus it is possible for each tap to be computed in parallel, increasing the speed of execution.
In a software implementation of an LFSR, the Galois form is more efficient as the XOR operations can be implemented a word at a time: only the output bit must be examined individually.

Uses in cryptography

LFSRs have long been used as a pseudo-random number generator for use in stream ciphers (especially in military cryptography), due to the ease of construction from simple electromechanical or electronic circuits, long periods, and very uniformly distributed outputs. However the outputs of LFSRs are completely linear, leading to fairly easy cryptanalysis.

Three general methods are employed to reduce this problem in LFSR based stream ciphers

Non-linear combination of several bits from the LFSR state;
Non-linear combination of the outputs of two or more LFSRs; or
Irregular clocking of the LFSR.

Important LFSR-based stream ciphers include A5/1, A5/2, E0 and the shrinking generator.

Uses in digital broadcasting and communications

In order to keep digital transmissions from forming latent energy patterns that may disrupt other digital or analog transmissions -- linear feedback registers are used to create more randomness in the outgoing digital bitstream (this technique is referred to as scrambling).

Digital broadcasting systems that use linear feedback registers

NICAM (digital audio system for television)
ATSC (HDTV transmission system -- North America)
DVB-T (HDTV transmission system -- Europe, Australasia)

Other digital communications systems using LFSR:

IBS (INTELSAT business service)
IDR (Intermedaite Data Rate service)
SDI (Serial Digital Interface transmission)
Data transfer over PSTN (according to the ITU-T V recommendations)

External links

[Maximal Length LFSR table] with length from 3 to 168
[Pseudo-Random Number Generation Routine]
http://www.ee.ualberta.ca/~elliott/ee552/studentAppNotes/1999f/Drivers_Ed/lfsr.html
http://www.quadibloc.com/crypto/co040801.htm
[Simple explanation of LFSRs for Engineers]
[Feedback terms]
[General LFSR Theory]
[Table of Maximal Tap Sequences]

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.